Opinion blog

Following our recent post ‘Web monitoring plans – open to abuse’, the Draft Communications Bill is now available. Interest in it was such that on the day it was released the Home Office website collapsed under the strain.

As members of ISPA, Entanet seized the opportunity to hear from a Home Office representative and discover what they had to say about the Bill. Unfortunately, part of the challenge in engaging with Government on this topic is that under the banner of “state security” most questions met with evasive answers.

This lack of clarity is a shame, as this is a Bill more interesting for what it doesn’t say than what it does. The Government’s negotiating stance with its draft is, in essence, to say that they are entitled to ask anyone for anything other than “content” without a warrant. That could include how much you have downloaded, how you pay your ISP or phone company and who you have spoken to. The most we can say on the positive side is that the Bill would repeal part 1 of chapter 2 of the unloved Regulation of Investigatory Powers Act 2000 (“RIPA”) which regulates how the security services can monitor and access communication over the Internet. Whilst that was generally held to be rushed and poorly drafted legislation, its potential replacement is instead deliberately, and worryingly, open-ended. The tone is set by the opening line “The Secretary of State may by order…”

The intention seems to be to pass a single enabling Bill which will then give the Secretary of State freedom in the future to decide which public authorities can monitor who and how to go about it without all the bother of going back to Parliament for primary legislation. Although the Bill mentions “filtering” (the infamous “black boxes” analysing network traffic, notwithstanding the emphasis now is not on real-time examination but on taking a slice from a rolling 12 month window) there is no technical detail around how this would work, and we have been told that a Code of Practice to provide this level of detail will only be made available after the Bill is passed.

It would be quite wrong to say that the Bill is limited to traditional telcos or ISPs or those of a certain size as its definition of “telecommunications operator” is a person who controls something anywhere in the world that runs on electricity and transmits communications. On the face of it, even your mobile phone would fall under this definition. This is just one example of how, while the publicly stated intention may be narrow, most areas of the Bill have potentially huge range as currently drafted.

We look forward to active debate about the conflict of law’s position, as the Home Office maintain they can issue notices to communications providers overseas; and on the interaction between this Bill and the Data Protection Act as far as continuing liability for data loss on the part of the communication provider is concerned, should the Government’s filter – managed by a third party – spring a leak.

The difficulty in practice of those examining traffic ignoring content are laid bare in the delightfully old-world example of postcards, which also fall within the ambit of the Bill – the official would need to extract the name and address whilst studiously ignoring the message next to it. Exactly the same challenge affects digital traffic such as multiplayer games.

Entanet’s opinion

As we have stated previously, whilst we understand the need to protect our citizens against potential terror threats and criminal activity we feel the draft Communications Bill is far too open ended and leaves the Secretary of State with too much room to add and amend powers going forward.

Similarly, whilst we understand the need for secrecy and discretion the Government seem to be taking this to extremes and we feel more clarity is needed before this Bill can be passed into law –it currently raises more questions than it answers. As ISPs we need to know more about the technical requirements and need to see this expected Code of Practice before the law is passed, not afterwards. If previous legislation such as the DEA is anything to go by, the technical aspects are likely to raise a lot more questions and concerns which should be discussed before the controversial Bill becomes law. However, it sounds like once again ISPs are just going to have to do as they are told by the Government.

Have your say!

Do you agree with Theresa May that this draft strikes “the right balance between protecting the public and safeguarding civil liberties”? Are you happy for who you contact, when and where to be potentially monitored, or has the draft Bill encouraged you to install a proxy server, SSL encryption and a VPN and to protest to your MP? As an ISP or reseller are you concerned about the technical implications? We would like to know your thoughts, so please leave us a comment below.